Certificate Revocation

1
Certificate Revocation

• Serge Egelman

2
Introduction

• What is revocation?
• Why do we need it?
• What is currently being done?

3
Huh?

• Certificates Are
• Identity
• Personal
• Corporate
• Financial
• Overall Security

4
Why Revoke?

• Key Compromise
• Forgotten Passphrase
• Lost Private Key
• Stale Keys
• PKI is only as secure as the revocation
  mechanism

5
Current Standard

• Certificate Revocation Lists (CRLs)
• Serial Numbers
• PEM and DER
• Expiration Date
• Next Update Date
• CA Signed
• Should Be Publically Available.

6
Obtaining CRLs
7
Obtaining CRLs
Certificate Revocation List (CRL)
Version 1 (0x0) Signature Algorithm
md5WithRSAEncryption Issuer /CUS/ORSA
Data Security, Inc./OUSecure Server
Certification Authority Last Update Jan
22 110036 2004 GMT Next Update Feb 5
110036 2004 GMT Revoked Certificates
Serial Number 010199E0F79E9034FDD3D176DBB83A05
Revocation Date Apr 2 150351 2003 GMT
Serial Number 01048336716E434C44813CFCA5A829BF
Revocation Date Sep 17 234852 2002
GMT Serial Number 0104C6A0285798B92A015D64101
0279F Revocation Date May 15 220354
2003 GMT
8
What Are The Problems?

• CDP Not Specified!
• CDP Optional!
• Next Update in Two Weeks!

9
Among All CAs!

• CDP Protocols

CA Name CDP Protocol
Entrust HTTP/LDAP
GeoTrust HTTP
GlobalSign HTTP
GTE CyberTrust HTTP
IPSCA HTTP
Thawte
Verisign HTTP
10
Among All CAs!

• CRL Lifecycles

CA Name CRL Lifecycle
Entrust Daily
GeoTrust 10 Days
GlobalSign 30 Days
GTE CyberTrust 6 Months
IPSCA 30 Days
Thawte 30 Days
Verisign 14 Days
11
CA Market Share
12
There Must Be Another Way!

• Online Certificate Status Protocol (RFC 2560)
• Real-Time
• Three Responses
• Burden Moved to Server

13
OCSP

• OCSP Servers
• CA Run
• CA Delegated
• Trusted Third Parties
• Client Knows Server Address
• Client Sends Serial Number
• Server Sends Signed Response

14
The Next Problem

• Knowing Location of Server!
• System Is Useless
• So What Can We Do?

15
A Solution

• The DNS System
• Referrals
• Client Only Needs Address of Any Server!
• Authority is Delegated
• The Service Locator Extension
• Specifics Undefined
• Not Currently Being Used
• Signed Response
• Local Responder or CA Key

16
So What?

• OCSP Can Mimic DNS
• Local Responders
• Authoritative Responders
• Root OCSP Servers
• Nothing Known About Authoritative Responder!

17
(No Transcript)
18
(No Transcript)
19
Key Points

• Every PKI Needs Revocation!
• CRLs Bad!
• OCSP Good!

20
Conclusion

• Terrorist, Terrorist, Terrorist
• 9/11, 9/11
• God Bless America

21
References

• Ron Rivest, Can We Eliminate Certificate
  Revocation Lists?, Financial Cryptography, 1998.
• Patrick McDaniel and Aviel Rubin, A Reponse to
  Can We Eliminate Certificate Revocation Lists?,
  Financial Cryptography, 2000.
• Serge Egelman, Josh Zaritsky, and Anita Jones,
  Improved Certificate Revocation with OCSP.
• M. Myers, R. Ankney, A. Malpani, S. Galperin, and
  C. Adams, X.509 Internet Public Key
  Infrastructure Online Certificate Status
  Protocol (OCSP), IETF RFC 2560.
• R. Housley, W. Polk, W. Ford, and D. Solo,
  Internet X.509 Public Key Infrastructure
  Certificate and CRL Profile, IETF RFC 2459.

22
Questions?